This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/d94294-7999-4009-9dd6-2567f4a9b139/1/lha0ZmedDVL5ojeX6XufkbgdzDc.roa
File:                     lha0ZmedDVL5ojeX6XufkbgdzDc.roa (raw, json)
Hash identifier:          aql9eZoUUBsK6RGXxorryRAzls71w3x+Yu3C3M/JeMA=
Subject key identifier:   96:16:B4:66:67:9D:0D:52:F9:A2:37:97:E9:7B:9F:91:B8:1D:CC:37
Certificate issuer:       /CN=a4f4c16555d6f03b6d6c8d0a8ccbe1af1eaec43a
Certificate serial:       019B7D5AE712FFC9D43F58305903FB6FC1D7
Authority key identifier: A4:F4:C1:65:55:D6:F0:3B:6D:6C:8D:0A:8C:CB:E1:AF:1E:AE:C4:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPTBZVXW8DttbI0KjMvhrx6uxDo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/d94294-7999-4009-9dd6-2567f4a9b139/1/lha0ZmedDVL5ojeX6XufkbgdzDc.roa
Signing time:             Fri 02 Jan 2026 06:17:47 +0000
ROA not before:           Fri 02 Jan 2026 06:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39686
IP address blocks:        194.104.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/d94294-7999-4009-9dd6-2567f4a9b139/1/pPTBZVXW8DttbI0KjMvhrx6uxDo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/d94294-7999-4009-9dd6-2567f4a9b139/1/pPTBZVXW8DttbI0KjMvhrx6uxDo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pPTBZVXW8DttbI0KjMvhrx6uxDo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5a:e7:12:ff:c9:d4:3f:58:30:59:03:fb:6f:c1:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f4c16555d6f03b6d6c8d0a8ccbe1af1eaec43a
        Validity
            Not Before: Jan  2 06:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9616b466679d0d52f9a23797e97b9f91b81dcc37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:84:e1:d0:18:a4:f7:7f:59:0e:73:a8:4a:ba:
                    7a:83:ca:64:27:fc:6e:93:44:8e:1a:db:59:05:6c:
                    c3:02:7b:ba:4f:57:53:e7:50:f6:cf:26:7d:98:fd:
                    f0:3d:8d:02:5c:23:47:25:3b:8f:a1:71:29:8e:43:
                    c0:e7:4e:53:36:5a:9b:56:c7:fc:90:b1:f8:52:d5:
                    16:60:1a:37:e1:2e:5b:75:a8:2f:99:11:c5:7d:3e:
                    ac:3e:5d:4c:89:13:92:85:44:18:09:74:2b:1c:81:
                    bd:29:3e:8f:96:e8:96:45:b5:f1:50:e0:b2:28:8f:
                    1b:32:f7:74:12:df:e9:ce:df:b9:72:bd:a4:87:61:
                    17:4a:4d:23:e4:30:e7:76:a7:cc:cb:50:e5:f1:e3:
                    5e:42:21:af:a5:29:4b:f6:ed:ce:b9:90:d7:5c:35:
                    e4:6b:a2:e0:97:76:0c:a0:d0:84:33:2c:d6:39:85:
                    99:1e:72:96:7f:68:06:44:fb:8a:33:d6:17:90:09:
                    a4:81:0f:0c:59:37:29:a0:df:67:a1:68:03:fe:bf:
                    a9:e8:78:bd:58:e2:8f:b4:59:c3:77:53:15:c4:4f:
                    45:20:5e:60:a6:64:08:69:05:2d:42:dc:40:8b:b1:
                    31:87:28:b8:69:96:08:94:2f:05:c0:50:9e:c2:56:
                    0c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:16:B4:66:67:9D:0D:52:F9:A2:37:97:E9:7B:9F:91:B8:1D:CC:37
            X509v3 Authority Key Identifier:
                keyid:A4:F4:C1:65:55:D6:F0:3B:6D:6C:8D:0A:8C:CB:E1:AF:1E:AE:C4:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPTBZVXW8DttbI0KjMvhrx6uxDo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/d94294-7999-4009-9dd6-2567f4a9b139/1/lha0ZmedDVL5ojeX6XufkbgdzDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/d94294-7999-4009-9dd6-2567f4a9b139/1/pPTBZVXW8DttbI0KjMvhrx6uxDo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:89:f3:1b:0a:8b:1d:bb:f5:15:6c:cb:fd:37:8a:23:dc:35:
         92:53:5e:88:ab:c0:dd:07:f4:9b:f1:04:51:e9:58:8f:1d:f3:
         00:1e:66:b3:c7:28:71:9c:ab:57:1d:f9:4d:d3:be:fd:96:d3:
         d0:a6:4f:8c:8d:8d:93:7c:dc:c9:ef:91:9d:a4:2c:98:1a:3c:
         28:c4:4b:be:8a:d5:6b:b3:b9:2f:0f:9b:87:ed:fb:9f:5a:dc:
         57:bd:ab:cb:3d:e3:18:b7:ed:59:e0:70:41:43:2a:d2:18:0d:
         e6:00:7a:b5:b8:5c:27:a9:fe:8d:f0:9c:f3:7a:eb:97:c8:a1:
         01:9f:cb:76:36:82:d6:c6:2c:25:55:ce:72:19:8c:64:f6:0f:
         e7:0f:b0:13:cb:40:7c:81:7c:b1:22:c9:f1:11:28:84:05:4b:
         c4:92:83:a6:93:55:bf:09:21:71:b2:06:a3:d8:0b:16:45:5d:
         5e:34:96:18:f8:ed:f7:d0:83:bc:15:ad:a9:80:d5:70:b4:ae:
         49:1d:02:06:7c:de:95:91:a6:6f:66:00:35:0b:7c:f7:f3:a2:
         7b:a6:03:2e:8d:07:7d:fd:42:f1:2f:6c:3d:df:4e:d2:d4:70:
         94:f4:7c:bd:85:da:a5:46:16:1f:eb:17:03:30:6d:b8:77:77:
         48:41:dc:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WucS/8nUP1gwWQP7b8HXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZjRjMTY1NTVkNmYwM2I2ZDZjOGQwYThjY2JlMWFmMWVh
ZWM0M2EwHhcNMjYwMTAyMDYxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjE2YjQ2NjY3OWQwZDUyZjlhMjM3OTdlOTdiOWY5MWI4MWRjYzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4YTh0Bik939ZDnOoSrp6g8pkJ/xu
k0SOGttZBWzDAnu6T1dT51D2zyZ9mP3wPY0CXCNHJTuPoXEpjkPA505TNlqbVsf8
kLH4UtUWYBo34S5bdagvmRHFfT6sPl1MiROShUQYCXQrHIG9KT6PluiWRbXxUOCy
KI8bMvd0Et/pzt+5cr2kh2EXSk0j5DDndqfMy1Dl8eNeQiGvpSlL9u3OuZDXXDXk
a6Lgl3YMoNCEMyzWOYWZHnKWf2gGRPuKM9YXkAmkgQ8MWTcpoN9noWgD/r+p6Hi9
WOKPtFnDd1MVxE9FIF5gpmQIaQUtQtxAi7Exhyi4aZYIlC8FwFCewlYMJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYWtGZnnQ1S+aI3l+l7n5G4Hcw3MB8GA1UdIwQY
MBaAFKT0wWVV1vA7bWyNCozL4a8ersQ6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBUQlpWWFc4RHR0YkkwS2pNdmhyeDZ1eERvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kOTQyOTQtNzk5OS00MDA5LTlkZDYt
MjU2N2Y0YTliMTM5LzEvbGhhMFptZWREVkw1b2plWDZYdWZrYmdkekRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kOTQyOTQtNzk5OS00MDA5LTlkZDYtMjU2N2Y0YTliMTM5
LzEvcFBUQlpWWFc4RHR0YkkwS2pNdmhyeDZ1eERvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmhxMA0G
CSqGSIb3DQEBCwUAA4IBAQBIifMbCosdu/UVbMv9N4oj3DWSU16Iq8DdB/Sb8QRR
6ViPHfMAHmazxyhxnKtXHflN0779ltPQpk+MjY2TfNzJ75GdpCyYGjwoxEu+itVr
s7kvD5uH7fufWtxXvavLPeMYt+1Z4HBBQyrSGA3mAHq1uFwnqf6N8JzzeuuXyKEB
n8t2NoLWxiwlVc5yGYxk9g/nD7ATy0B8gXyxIsnxESiEBUvEkoOmk1W/CSFxsgaj
2AsWRV1eNJYY+O330IO8Fa2pgNVwtK5JHQIGfN6VkaZvZgA1C3z386J7pgMujQd9
/ULxL2w9307S1HCU9Hy9hdqlRhYf6xcDMG24d3dIQdxT
-----END CERTIFICATE-----